From: Sergey Bronnikov via Tarantool-patches <tarantool-patches@dev.tarantool.org> To: tarantool-patches@dev.tarantool.org, Sergey Kaplun <skaplun@tarantool.org>, max.kokryashkin@gmail.com Subject: [Tarantool-patches] [PATCH luajit 2/2][v2] Followup fix for embedded bytecode loader. Date: Thu, 31 Aug 2023 14:32:14 +0300 [thread overview] Message-ID: <bdc81063aad97cea7d252e68a263759fd34bbc78.1693480177.git.sergeyb@tarantool.org> (raw) In-Reply-To: <cover.1693480177.git.sergeyb@tarantool.org> From: Sergey Bronnikov <sergeyb@tarantool.org> (cherry-picked from commit e49863eda13d095b1a78fd4ca0fd3a6a9a17d782) The patch follows up a previous patch and limits the total size of a chunk load by `lua_load` with size `LJ_MAX_BUF - 1`. Sergey Bronnikov: * added the description and the test --- src/lj_lex.c | 1 + test/tarantool-c-tests/lj-549-lua_load.test.c | 134 ++++++++++++++++++ 2 files changed, 135 insertions(+) create mode 100644 test/tarantool-c-tests/lj-549-lua_load.test.c diff --git a/src/lj_lex.c b/src/lj_lex.c index 6291705f..13495c41 100644 --- a/src/lj_lex.c +++ b/src/lj_lex.c @@ -51,6 +51,7 @@ static LJ_NOINLINE LexChar lex_more(LexState *ls) if (sz >= LJ_MAX_BUF) { if (sz != ~(size_t)0) lj_err_mem(ls->L); sz = ~(uintptr_t)0 - (uintptr_t)p; + if (sz >= LJ_MAX_BUF) sz = LJ_MAX_BUF-1; ls->endmark = 1; } ls->pe = p + sz; diff --git a/test/tarantool-c-tests/lj-549-lua_load.test.c b/test/tarantool-c-tests/lj-549-lua_load.test.c new file mode 100644 index 00000000..9baa7a1a --- /dev/null +++ b/test/tarantool-c-tests/lj-549-lua_load.test.c @@ -0,0 +1,134 @@ +#include <assert.h> +#include <stdint.h> +#include <stddef.h> +#include <string.h> +#include <stdlib.h> +#include <stdio.h> + +#include <lua.h> +#include <lualib.h> +#include <lauxlib.h> + +#include "test.h" +#include "utils.h" + +/* Need for skipcond. */ +#include "lj_arch.h" + +/* Defined in lj_def.h. */ +#define LJ_MAX_MEM32 0x7fffff00 /* Max. 32 bit memory allocation. */ +#define LJ_MAX_BUF LJ_MAX_MEM32 /* Max. buffer length. */ + +/* Defined in lua.h. */ +/* mark for precompiled code (`<esc>Lua') */ +#define LUA_SIGNATURE "\033Lua" + +#define UNUSED(x) ((void)(x)) + +/** + * Function generates a huge chunk of "bytecode" with a size bigger than + * LJ_MAX_BUF. Generated chunk must enable endmark in a Lex state. + */ +static const char * +bc_reader_with_endmark(lua_State *L, void *data, size_t *size) +{ + UNUSED(data); + int bc_chunk_size = (size_t)0; + static char *bc_chunk = NULL; + free(bc_chunk); + + bc_chunk = malloc(bc_chunk_size); + assert(bc_chunk != NULL); + + /** + * `lua_load` automatically detects whether the chunk is text or binary, + * and loads it accordingly. We need a trace for bytecode input, + * so it is necessary to deceive a check in lj_lex_setup, that + * makes a sanity check and detects whether input is bytecode or text + * by the first char. Put LUA_SIGNATURE[0] at the beginning of the + * allocated region. + */ + bc_chunk[0] = LUA_SIGNATURE[0]; + + *size = bc_chunk_size; + + return bc_chunk; +} + +static int bc_loader_with_endmark(void *test_state) +{ + lua_State *L = test_state; + void *ud = NULL; + int res = lua_load(L, bc_reader_with_endmark, ud, "endmark"); + + /* + * Make sure we passed the condition with lj_err_mem in the function + * `lex_more`. + */ + assert_true(res != LUA_ERRMEM); + + return TEST_EXIT_SUCCESS; +} + +enum bc_emission_state { + EMIT_BC, + EMIT_EOF, +}; + +typedef struct { + enum bc_emission_state state; +} dt; + +/** + * Function returns a bytecode chunk on the first call and NULL and size equal + * to zero on the second call. Triggers the END_OF_STREAM flag in the function + * `lex_more`. + */ +static const char * +bc_reader_with_eof(lua_State *L, void *data, size_t *size) +{ + UNUSED(data); + UNUSED(L); + dt *test_data = (dt *)data; + if (test_data->state == EMIT_EOF) { + *size = 0; + return NULL; + } + + static char *bc_chunk = NULL; + free(bc_chunk); + + size_t sz = 10; + bc_chunk = malloc(sz); + bc_chunk[0] = LUA_SIGNATURE[0]; + *size = sz; + + return bc_chunk; +} + +static int bc_loader_with_eof(void *test_state) +{ + lua_State *L = test_state; + dt test_data = {0}; + test_data.state = EMIT_BC; + int res = lua_load(L, bc_reader_with_eof, &test_data, "eof"); + assert_true(res = LUA_ERRSYNTAX); + if (res == LUA_OK) { + lua_pcall(L, 0, 0, 0); + } + + return TEST_EXIT_SUCCESS; +} + +int main(void) +{ + lua_State *L = utils_lua_init(); + const struct test_unit tgroup[] = { + test_unit_def(bc_loader_with_endmark), + test_unit_def(bc_loader_with_eof) + }; + + const int test_result = test_run_group(tgroup, L); + utils_lua_close(L); + return test_result; +} -- 2.34.1
next prev parent reply other threads:[~2023-08-31 11:32 UTC|newest] Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-08-31 11:29 [Tarantool-patches] [PATCH luajit 0/2][v2] Fix " Sergey Bronnikov via Tarantool-patches 2023-08-31 11:30 ` [Tarantool-patches] [PATCH luajit 1/2][v2] " Sergey Bronnikov via Tarantool-patches 2023-08-31 11:49 ` Sergey Bronnikov via Tarantool-patches 2023-09-01 9:42 ` Maxim Kokryashkin via Tarantool-patches 2023-09-04 9:31 ` Sergey Bronnikov via Tarantool-patches 2023-09-05 6:34 ` Maxim Kokryashkin via Tarantool-patches 2023-09-05 14:10 ` Sergey Kaplun via Tarantool-patches 2023-09-07 15:21 ` Sergey Bronnikov via Tarantool-patches 2023-09-11 8:45 ` Sergey Kaplun via Tarantool-patches 2023-09-12 10:20 ` Sergey Bronnikov via Tarantool-patches 2023-10-31 11:30 ` Sergey Kaplun via Tarantool-patches 2023-09-05 14:12 ` Sergey Kaplun via Tarantool-patches 2023-09-07 7:06 ` Sergey Bronnikov via Tarantool-patches 2023-08-31 11:32 ` Sergey Bronnikov via Tarantool-patches [this message] 2023-09-01 10:05 ` [Tarantool-patches] [PATCH luajit 2/2][v2] Followup fix for " Maxim Kokryashkin via Tarantool-patches 2023-09-04 16:34 ` Sergey Bronnikov via Tarantool-patches 2023-09-05 6:45 ` Maxim Kokryashkin via Tarantool-patches 2023-09-05 12:55 ` Sergey Kaplun via Tarantool-patches 2023-09-07 7:04 ` Sergey Bronnikov via Tarantool-patches 2023-09-11 9:26 ` Sergey Kaplun via Tarantool-patches 2023-09-12 10:30 ` Sergey Bronnikov via Tarantool-patches
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bdc81063aad97cea7d252e68a263759fd34bbc78.1693480177.git.sergeyb@tarantool.org \ --to=tarantool-patches@dev.tarantool.org \ --cc=estetus@gmail.com \ --cc=max.kokryashkin@gmail.com \ --cc=skaplun@tarantool.org \ --subject='Re: [Tarantool-patches] [PATCH luajit 2/2][v2] Followup fix for embedded bytecode loader.' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox